
Data Privacy and Security

Data privacy and security considerations in a cloud enabled world

Data privacy and security is at the core of Zscaler’s business and something we take very seriously

Zscaler ensures that millions of employees at thousands of enterprise and government organizations worldwide are protected against cyberattacks and data breaches. Each organization faces unique regulatory challenges based upon industry, geography, and other factors, and the Zscaler platform is designed to simplify compliance and reporting, globally. Each day, over 200 of the Forbes Global 2000 organizations in more than 185 countries rely on Zscaler.

Relying on UTM and NGFW appliances to secure internet traffic is costly, results in appliance sprawl, and compromises branch security.

The Zscaler Cloud

It all starts with our architecture. Zscaler built from scratch an infinitely scalable, cost-effective, and ultra-fast cloud security architecture that integrates three key components for control, enforcement, and logging: the Central Authority (CA), Zscaler Enforcement Nodes (ZENs), and Nanolog Servers.


The Control Plane: Central Authority

The Zscaler Central Authority monitors our entire security cloud and provides a central location for software and database updates, policy and configuration settings, and threat intelligence. Together, the Zscaler Central Authority instances form the brain of the cloud, and they are geographically distributed for redundancy and performance.


The Data Plane: Zscaler Enforcement Nodes

Traffic is directed to the Zscaler Enforcement Node (ZEN) nearest the user, where security, management, and compliance policies are enforced consistently, no matter where the user connects. Each ZEN utilizes a full proxy architecture and is built to ensure that data is not written, but scanned in RAM only and then erased. Logs are continuously created in memory and forwarded to our logging module.

The Logging Plane: Nanolog Technology

Built into ZENs, Nanolog technology performs lossless compression of logs, which are transmitted to Nanolog servers over secure connections and multicast for redundancy. Zscaler customers can mine billions of transaction logs to generate reports that provide insight into network utilization and traffic. We continuously update our dashboards and reporting and can stream logs to a third-party Security Information and Event Management (SIEM) service as they arrive. Customers can choose to have logs written to disk in a physical location that complies with regional regulations.


Security and Data Privacy

Privacy protection at the Web Transaction level

  • ZENs never store any web transaction content or personally identifiable information (PII)
  • Web transaction content is never written to disk; all content inspection takes place in memory
  • Customer transaction logs (Customer Logs) are transferred to Zscaler’s Nanolog Clusters in an encrypted format
  • Customer logs are only available via the Zscaler web user interface by authorized administrators with appropriate privileges

Privacy protection at the Facilities level

  • Security standards on par with world-class financial and data centers for hub facilities (either ISO27001, SAS 70, or similar local certification)
  • Authorized personnel must pass through multiple levels of security and biometric scanning to gain access
  • All data centers are hosted in secure telecommunications centers at major internet exchange points globally
  • 24x7x365 security management and site access via security operations center

Privacy protection at the Network level

  • Customer logs are never stored in clear text
  • Customer logs are transmitted as indexed, compressed and differential logs
  • A single log is meaningless without a complete string of historic logs
  • All communication between ZENs and Nanolog is encrypted using TLS

Zscaler is ISO27001-certified and provides a 99.999% availability SLA, with additional SLAs on latency and virus capture too.

The General Data Protection Regulation (GDPR)

Zscaler and the GDPR

Zscaler is committed to our customers’ success, including compliance with applicable privacy laws. As with other existing privacy laws, including the current data protection directive, compliance with GDPR will require a partnership between Zscaler and our customers in their use of our services and products.


Australian and New Zealand Data Privacy

As with GDPR, compliance with data privacy laws in Australia and New Zealand will require a partnership between Zscaler and our customers in their use of our services and products. Zscaler remains committed to protecting personal data in compliance with the highest standards of privacy and security.


Zscaler EU-U.S. and Swiss-U.S. Privacy Shield Certifications

As an early adopter of the Privacy Shield, Zscaler furthers its commitment to protecting the privacy and security of our customers' data. Zscaler customers can be assured that personal data transferred from the EU and Switzerland to the United States will be protected by the safeguards set by the Privacy Shield.
